pedump 0.4.11 → 0.4.12

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+before_install:
+  - sudo apt-get update -qq
+  - sudo apt-get install -qq upx-ucl p7zip

data/Gemfile

@@ -3,7 +3,7 @@ source "http://rubygems.org"
 # Example:
 #   gem "activesupport", ">= 2.3.5"
 gem "multipart-post", "~> 1.1.4"
-gem "progressbar", "~> 0.9.2"
+gem "progressbar"
 gem "awesome_print"
 
 # Add dependencies to develop your gem here.

data/Gemfile.lock

@@ -12,7 +12,7 @@ GEM
     json (1.7.5)
     looksee (1.0.3)
     multipart-post (1.1.5)
-    progressbar (0.9.2)
+    progressbar (0.12.0)
     rake (10.0.2)
     rdoc (3.12)
       json (~> 1.4)
@@ -35,6 +35,6 @@ DEPENDENCIES
   jeweler
   looksee
   multipart-post (~> 1.1.4)
-  progressbar (~> 0.9.2)
+  progressbar
   rspec
   what_methods

data/README.md

@@ -1,4 +1,4 @@
-pedump
+pedump    [![Build Status](https://travis-ci.org/zed-0xff/pedump.png?branch=master)](https://travis-ci.org/zed-0xff/pedump) [![Dependency Status](https://gemnasium.com/zed-0xff/pedump.png)](https://gemnasium.com/zed-0xff/pedump)
 ======
 
 Description
@@ -299,7 +299,26 @@ Usage
     KERNEL32.dll      21f        TlsAlloc
     KERNEL32.dll      220        TlsFree
     KERNEL32.dll      1fd        SetLastError
-    ...
+    KERNEL32.dll      221        TlsGetValue
+    KERNEL32.dll       62        ExitProcess
+    KERNEL32.dll      1b8        ReadFile
+    KERNEL32.dll       16        CloseHandle
+    KERNEL32.dll      24f        WriteFile
+    KERNEL32.dll       83        FlushFileBuffers
+    KERNEL32.dll       e9        GetModuleFileNameA
+    KERNEL32.dll       98        GetCPInfo
+    KERNEL32.dll       92        GetACP
+    KERNEL32.dll       f6        GetOEMCP
+    KERNEL32.dll       8b        FreeEnvironmentStringsA
+    KERNEL32.dll       d0        GetEnvironmentStrings
+    KERNEL32.dll       8c        FreeEnvironmentStringsW
+    KERNEL32.dll       d2        GetEnvironmentStringsW
+    KERNEL32.dll      242        WideCharToMultiByte
+    KERNEL32.dll       2b        CreateFileA
+    KERNEL32.dll      1f8        SetFilePointer
+    KERNEL32.dll      206        SetStdHandle
+    KERNEL32.dll      178        LoadLibraryA
+    KERNEL32.dll      1ef        SetEndOfFile
 
 ### Exports
 

data/VERSION

@@ -1 +1 @@
-0.4.11
+0.4.12

data/lib/pedump.rb

@@ -505,23 +505,26 @@ class PEdump
       tls_aoi = tls_aoi > 0 ? va2file(tls_aoi) : nil
     end
 
-    f.seek file_offset
-    r = []
-    while true
-      if tls_aoi && tls_aoi == file_offset+16
-        # catched the neat trick! :)
-        # f.tell + 12  =  offset of 'FirstThunk' field from start of IMAGE_IMPORT_DESCRIPTOR structure
-        logger.warn "[!] catched the 'imports terminator in TLS trick'"
-        # http://code.google.com/p/corkami/source/browse/trunk/asm/PE/manyimportsW7.asm
-        break
+    r = []; t = nil
+    if f.checked_seek(file_offset)
+      while true
+        if tls_aoi && tls_aoi == file_offset+16
+          # catched the neat trick! :)
+          # f.tell + 12  =  offset of 'FirstThunk' field from start of IMAGE_IMPORT_DESCRIPTOR structure
+          logger.warn "[!] catched the 'imports terminator in TLS trick'"
+          # http://code.google.com/p/corkami/source/browse/trunk/asm/PE/manyimportsW7.asm
+          break
+        end
+        t=IMAGE_IMPORT_DESCRIPTOR.read(f)
+        break if t.Name.to_i == 0 # also catches EOF
+        r << t
+        file_offset += IMAGE_IMPORT_DESCRIPTOR::SIZE
       end
-      t=IMAGE_IMPORT_DESCRIPTOR.read(f)
-      break if t.Name.to_i == 0 # also catches EOF
-      r << t
-      file_offset += IMAGE_IMPORT_DESCRIPTOR::SIZE
+    else
+      logger.warn "[?] imports info beyond EOF"
     end
 
-    logger.warn "[?] non-empty last IMAGE_IMPORT_DESCRIPTOR: #{t.inspect}" unless t.empty?
+    logger.warn "[?] non-empty last IMAGE_IMPORT_DESCRIPTOR: #{t.inspect}" if t && !t.empty?
     @imports = r.each do |x|
       if x.Name.to_i != 0 && (ofs = va2file(x.Name))
         begin
@@ -538,9 +541,9 @@ class PEdump
           f.seek ofs
           x[tbl] ||= []
           if pe.x64?
-            x[tbl] << t while (t = f.read(8).unpack('Q').first) != 0
+            x[tbl] << t while (t = f.read(8).to_s.unpack('Q').first).to_i != 0
           else
-            x[tbl] << t while (t = f.read(4).unpack('V').first) != 0
+            x[tbl] << t while (t = f.read(4).to_s.unpack('V').first).to_i != 0
           end
         end
         cache = {}
@@ -553,8 +556,7 @@ class PEdump
             if t & (2**(bits-1)) > 0                               # 0x8000_0000(_0000_0000)
               ImportedFunction.new(nil,nil,t & (2**(bits-1)-1),va) # 0x7fff_ffff(_ffff_ffff)
             elsif ofs=va2file(t, :quiet => true)
-              f.seek ofs
-              if f.eof?
+              if !f.checked_seek(ofs) || f.eof?
                 logger.warn "[?] import ofs 0x#{ofs.to_s(16)} beyond EOF"
                 nil
               else
@@ -597,14 +599,14 @@ class PEdump
   ##############################################################################
 
   #http://msdn.microsoft.com/en-us/library/ms809762.aspx
-  IMAGE_EXPORT_DIRECTORY = create_struct 'V2v2V2l2V3',
+  IMAGE_EXPORT_DIRECTORY = create_struct 'V2v2V7',
     :Characteristics,
     :TimeDateStamp,
     :MajorVersion,          # These fields appear to be unused and are set to 0.
     :MinorVersion,          # These fields appear to be unused and are set to 0.
     :Name,
     :Base,                  # The starting ordinal number for exported functions
-    :NumberOfFunctions,
+    :NumberOfFunctions,     # UNSIGNED!, perfectly valid when = 0xffff_ffff, see corkami/dllord.dll
     :NumberOfNames,
     :AddressOfFunctions,
     :AddressOfNames,
@@ -631,9 +633,8 @@ class PEdump
     va = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::EXPORT].va
     file_offset = va2file(va)
     return nil unless file_offset
-    f.seek file_offset
-    if f.eof?
-      logger.info "[?] exports info beyond EOF"
+    if !f.checked_seek(file_offset) || f.eof?
+      logger.warn "[?] exports info beyond EOF"
       return nil
     end
     @exports = IMAGE_EXPORT_DIRECTORY.read(f).tap do |x|
@@ -715,7 +716,8 @@ class PEdump
 
       x.functions = []
       x.entry_points.each_with_index do |ep,i|
-        names = ord2name[i+x.Base].try(:join,', ')
+        names = ord2name[i+x.Base]
+        names = names.join(', ') if names
         next if ep.to_i == 0 && names.nil?
         x.functions << ExportedFunction.new(names, i+x.Base, ep)
       end

data/lib/pedump/ne/version_info.rb

@@ -125,7 +125,11 @@ class PEdump::NE
         cp = PEdump::NE.cp # XXX HACK
 
         x.Value   = f.read(value_len).to_s.chomp("\x00")
-        x.Value.force_encoding("CP#{cp}").encode!('UTF-8').sub!(/\u0000$/,'') rescue nil
+        begin
+          x.Value.force_encoding("CP#{cp}").encode!('UTF-8').sub!(/\u0000$/,'')
+        rescue
+          x.Value.force_encoding("CP1250").encode!('UTF-8').sub!(/\u0000$/,'') rescue nil
+        end
         if f.tell%4 > 0
           f.read(4-f.tell%4) # undoc padding?
         end

data/lib/pedump/pe.rb

@@ -38,7 +38,7 @@ class PEdump
       end
       PE.new(pe_sig).tap do |pe|
         pe.image_file_header = IMAGE_FILE_HEADER.read(f)
-        if pe.ifh.SizeOfOptionalHeader > 0
+        if pe.ifh.SizeOfOptionalHeader.to_i > 0
           if pe.x64?
             pe.image_optional_header = IMAGE_OPTIONAL_HEADER64.read(f, pe.ifh.SizeOfOptionalHeader)
           else
@@ -46,7 +46,7 @@ class PEdump
           end
         end
 
-        if (nToRead=pe.ifh.NumberOfSections) > 0xffff
+        if (nToRead=pe.ifh.NumberOfSections.to_i) > 0xffff
           if force.is_a?(Numeric) && force > 1
             logger.warn "[!] too many sections (#{pe.ifh.NumberOfSections}). forced. reading all"
           else

data/lib/pedump/resources.rb

@@ -189,7 +189,7 @@ class PEdump
     r = []
     Array(resources(f)).find_all{ |x| x.type == 'STRING'}.each do |res|
       res.data.each_with_index do |string,idx|
-        r << STRING.new( ((res.id-1)<<4) + idx, res.lang, string ) unless string.empty?
+        r << STRING.new( ((res.id.to_i-1)<<4) + idx, res.lang, string ) unless string.empty?
       end
     end
     r

data/lib/pedump/version.rb

@@ -2,7 +2,7 @@ class PEdump
   module Version
     MAJOR = 0
     MINOR = 4
-    PATCH = 11
+    PATCH = 12
     BUILD = nil
 
     STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')

data/pedump.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "pedump"
-  s.version = "0.4.11"
+  s.version = "0.4.12"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Andrey \"Zed\" Zaikin"]
-  s.date = "2012-12-11"
+  s.date = "2012-12-12"
   s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
   s.email = "zed.0xff@gmail.com"
   s.executables = ["pedump"]
@@ -20,6 +20,7 @@ Gem::Specification.new do |s|
   s.files = [
     ".document",
     ".rspec",
+    ".travis.yml",
     "Gemfile",
     "Gemfile.lock",
     "LICENSE.txt",
@@ -58,8 +59,10 @@ Gem::Specification.new do |s|
     "misc/aspack/lzxdec.h",
     "misc/nedump.c",
     "pedump.gemspec",
+    "samples/bad/68.exe",
     "spec/65535sects_spec.rb",
     "spec/bad_imports_spec.rb",
+    "spec/bad_samples_spec.rb",
     "spec/composite_io_spec.rb",
     "spec/dllord_spec.rb",
     "spec/foldedhdr_spec.rb",
@@ -74,9 +77,11 @@ Gem::Specification.new do |s|
     "spec/sig_all_packers_spec.rb",
     "spec/sig_spec.rb",
     "spec/spec_helper.rb",
+    "spec/support/samples.rb",
     "spec/unpackers/aspack_spec.rb",
     "spec/unpackers/find_spec.rb",
-    "spec/virtsectblXP_spec.rb"
+    "spec/virtsectblXP_spec.rb",
+    "tmp/.keep"
   ]
   s.homepage = "http://github.com/zed-0xff/pedump"
   s.licenses = ["MIT"]
@@ -89,7 +94,7 @@ Gem::Specification.new do |s|
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
-      s.add_runtime_dependency(%q<progressbar>, ["~> 0.9.2"])
+      s.add_runtime_dependency(%q<progressbar>, [">= 0"])
       s.add_runtime_dependency(%q<awesome_print>, [">= 0"])
       s.add_development_dependency(%q<rspec>, [">= 0"])
       s.add_development_dependency(%q<bundler>, [">= 0"])
@@ -98,7 +103,7 @@ Gem::Specification.new do |s|
       s.add_development_dependency(%q<looksee>, [">= 0"])
     else
       s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
-      s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
+      s.add_dependency(%q<progressbar>, [">= 0"])
       s.add_dependency(%q<awesome_print>, [">= 0"])
       s.add_dependency(%q<rspec>, [">= 0"])
       s.add_dependency(%q<bundler>, [">= 0"])
@@ -108,7 +113,7 @@ Gem::Specification.new do |s|
     end
   else
     s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
-    s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
+    s.add_dependency(%q<progressbar>, [">= 0"])
     s.add_dependency(%q<awesome_print>, [">= 0"])
     s.add_dependency(%q<rspec>, [">= 0"])
     s.add_dependency(%q<bundler>, [">= 0"])

data/spec/bad_samples_spec.rb

@@ -0,0 +1,13 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
+
+PEDUMP_BINARY = File.expand_path(File.dirname(__FILE__) + '/../bin/pedump')
+
+Dir[File.join(SAMPLES_DIR,"bad","*.exe")].each do |fname|
+  describe fname do
+    it "should not cause exception" do
+      system "#{PEDUMP_BINARY} -qqq #{fname} > /dev/null"
+      $?.should be_success
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -8,26 +8,9 @@ require 'pedump'
 Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
 
 RSpec.configure do |config|
-end
-
-def sample
-  @pedump ||=
-    begin
-      fname =
-        if self.example
-          # called from it(...)
-          self.example.full_description.split.first
-        else
-          # called from before(:all)
-          self.class.metadata[:example_group][:description_args].first
-        end
-      fname = File.expand_path(File.dirname(__FILE__) + '/../samples/' + fname)
-      File.open(fname,"rb") do |f|
-        if block_given?
-          yield PEdump.new(f)
-        else
-          PEdump.new(f).dump
-        end
-      end
+  config.before :suite do
+    Dir[File.join(SAMPLES_DIR,"*.7z")].each do |fname|
+      system "7zr", "x", "-y", "-o#{SAMPLES_DIR}", fname
     end
+  end
 end

data/spec/support/samples.rb

@@ -0,0 +1,24 @@
+SAMPLES_DIR = File.expand_path(File.dirname(__FILE__) + '/../../samples/')
+
+def sample
+  @pedump ||=
+    begin
+      fname =
+        if self.example
+          # called from it(...)
+          self.example.full_description.split.first
+        else
+          # called from before(:all)
+          self.class.metadata[:example_group][:description_args].first
+        end
+      fname = File.join(SAMPLES_DIR, fname)
+      File.open(fname,"rb") do |f|
+        if block_given?
+          yield PEdump.new(f)
+        else
+          PEdump.new(f).dump
+        end
+      end
+    end
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-  version: 0.4.11
+  version: 0.4.12
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-12-11 00:00:00.000000000 Z
+date: 2012-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multipart-post
@@ -32,17 +32,17 @@ dependencies:
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ~>
+    - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ~>
+    - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: awesome_print
   requirement: !ruby/object:Gem::Requirement
@@ -150,6 +150,7 @@ extra_rdoc_files:
 files:
 - .document
 - .rspec
+- .travis.yml
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -188,8 +189,10 @@ files:
 - misc/aspack/lzxdec.h
 - misc/nedump.c
 - pedump.gemspec
+- samples/bad/68.exe
 - spec/65535sects_spec.rb
 - spec/bad_imports_spec.rb
+- spec/bad_samples_spec.rb
 - spec/composite_io_spec.rb
 - spec/dllord_spec.rb
 - spec/foldedhdr_spec.rb
@@ -204,9 +207,11 @@ files:
 - spec/sig_all_packers_spec.rb
 - spec/sig_spec.rb
 - spec/spec_helper.rb
+- spec/support/samples.rb
 - spec/unpackers/aspack_spec.rb
 - spec/unpackers/find_spec.rb
 - spec/virtsectblXP_spec.rb
+- tmp/.keep
 homepage: http://github.com/zed-0xff/pedump
 licenses:
 - MIT
@@ -222,7 +227,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -1370513960600577087
+      hash: -3767964697457459615
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: